From patchwork Fri Oct 11 21:43:50 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jim Mattson <jmattson@google.com>
X-Patchwork-Id: 13833189
Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com
 [209.85.210.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D666C1D1721
	for <kvm@vger.kernel.org>; Fri, 11 Oct 2024 21:44:14 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1728683057; cv=none;
 b=XSNFOOs0xMt/49s9PK6+yQWTYt/D+vAEcuYvJT9puYKdNGpz3M/lRxQL4CSmzqD6C1n1GdfPZscz0Qyma9RSDU2u7lAfPX/xl2yVFLFTR0a1/6H7fbsTSZGKDY1p1Er7jnd9zxGhp51olnhXcyHwrTPJezdGPm7iQRRdBEf4Bpw=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1728683057; c=relaxed/simple;
	bh=Alfb43ggy1morVAhVCl9j9Qs+u6QkOqSpSocYaViI8Y=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=R/DTtoPUk9+tYkmO7mC+AKXBnFbof+h+eKMiDNHRVCXvr3MrBTCZ9ICA6wL3lcBc0mlq3fLLynLBHekfjIC9q0+TSRzy1zVROLnWfeLhT6T212HTuRuvdqNH01pO7xse7VNsVRWZf+863f4rWV15D0nLb4IbG4Phw5T4b1QEgJw=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=kxsPETSC; arc=none smtp.client-ip=209.85.210.201
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="kxsPETSC"
Received: by mail-pf1-f201.google.com with SMTP id
 d2e1a72fcca58-71e368933adso2134392b3a.2
        for <kvm@vger.kernel.org>; Fri, 11 Oct 2024 14:44:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1728683054; x=1729287854;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=W8FDOlqwvEsdAJAf8IdqafehVhAI8JwdIbxbRDiLpiY=;
        b=kxsPETSCMazyrqlUZ+G7O95fuiPcGSkrzp9eB56qC2iRtLKxU7CrNCYH1K0PT5uWWE
         rIu/HqgfJuP81HV4nMwvt3Lk9dPpZNAQ1O+a65GuMgt7V5R+PeJs4oW3jTN53xFkakkL
         54le5HOUTrFuFwj8l0MCRM2V2C24tOVm6LaXKRIFYeugRL2twulrMl/NpiOYJLRROUUD
         PuFjDfnAonfYij0r9N3+j75DhTafkLfSEXMaC/7p2gtG2Za8vOV9YebrrgQDimTAllrY
         L68RJGiNEpkW4KfFVCOqTNSGcZeuj6iTDNGVyOkpCQJvcQ2uYp3fVXtE4ac6NDx6cSqk
         HsvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728683054; x=1729287854;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=W8FDOlqwvEsdAJAf8IdqafehVhAI8JwdIbxbRDiLpiY=;
        b=SeXXdkl0HQDJMMSBnahN6v/Lex1Svfebm+p3tFe2lGx3/8cz0d4q8hA9/T0TNNmewO
         DKU14Duu9c6/uUaC5sctLCiyO45MpH2viHrWP+Kes6pvKkp6VsfhXpuznd4EO0ZBsqYD
         GQYWsvs8K9JjeIc33DsLzjbO6V0GvU978wZrbyF87y/joJ53NVVpFG/mnK0+R5wixpIk
         M/7JvUfMRnusozvaXvAvvqNNC+WmKl1topuEcTt/mGXPqOUMemi6qRUNMSGwUBDLCF3F
         CdJBArbxm80/s5l16pFSNg4jciE1OVCTH/1C+8OOlNha4kSoBV94Nr6p11nEvVpS7IAY
         UdZA==
X-Gm-Message-State: AOJu0Yyci1E+gAC+j45E3tqE7GQkjI0bohpwRxvLbasTYe4GX+SP7wDp
	D6Ccw+fYyJ21O8HHHT6noEa0kvp2/zda2SN+e4qzH7cKJ7sFVxfnOxn7VVYLhgUjTE0zfdD07Lk
	Q1D0h2OFtHYHP32PlmfOkagrNHbZpz6siTS0lIyLVdsEF+xFPj0z6C9x9GuSUEiwS+As3vmHlay
	oC+ecQs8ax1WRbF4590Ek8UPYCH/OSofGH4mt6Veo=
X-Google-Smtp-Source: 
 AGHT+IG+CTYjXiI2WYVmaCbmdgx8aJmNp5eEhEtp42YdvInIMKciu2bPG9BFE/JQsrplK7JkLlS0PX/QLI0I4A==
X-Received: from loggerhead.c.googlers.com
 ([fda3:e722:ac3:cc00:f3:525d:ac13:60e1])
 (user=jmattson job=sendgmr) by 2002:a05:6a00:6f66:b0:71e:268d:19a6 with SMTP
 id d2e1a72fcca58-71e37e28a35mr18995b3a.1.1728683053750; Fri, 11 Oct 2024
 14:44:13 -0700 (PDT)
Date: Fri, 11 Oct 2024 14:43:50 -0700
In-Reply-To: <20241011214353.1625057-1-jmattson@google.com>
Precedence: bulk
X-Mailing-List: kvm@vger.kernel.org
List-Id: <kvm.vger.kernel.org>
List-Subscribe: <mailto:kvm+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:kvm+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241011214353.1625057-1-jmattson@google.com>
X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog
Message-ID: <20241011214353.1625057-2-jmattson@google.com>
Subject: [PATCH v5 1/4] x86/cpufeatures: Clarify semantics of X86_FEATURE_IBPB
From: Jim Mattson <jmattson@google.com>
To: kvm@vger.kernel.org
Cc: bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com,
	jpoimboe@kernel.org, kai.huang@intel.com, linux-kernel@vger.kernel.org,
	mingo@redhat.com, pawan.kumar.gupta@linux.intel.com, pbonzini@redhat.com,
	sandipan.das@amd.com, seanjc@google.com, tglx@linutronix.de, x86@kernel.org,
	Jim Mattson <jmattson@google.com>

Since this synthetic feature bit is set on AMD CPUs that don't flush
the RSB on an IBPB, indicate as much in the comment, to avoid
potential confusion with the Intel IBPB semantics.

Signed-off-by: Jim Mattson <jmattson@google.com>
---
 arch/x86/include/asm/cpufeatures.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index dd4682857c12..644b3e1e1ab6 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -215,7 +215,7 @@
 #define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE	( 7*32+23) /* Disable Speculative Store Bypass. */
 #define X86_FEATURE_LS_CFG_SSBD		( 7*32+24)  /* AMD SSBD implementation via LS_CFG MSR */
 #define X86_FEATURE_IBRS		( 7*32+25) /* "ibrs" Indirect Branch Restricted Speculation */
-#define X86_FEATURE_IBPB		( 7*32+26) /* "ibpb" Indirect Branch Prediction Barrier */
+#define X86_FEATURE_IBPB		( 7*32+26) /* "ibpb" Indirect Branch Prediction Barrier without a guaranteed RSB flush */
 #define X86_FEATURE_STIBP		( 7*32+27) /* "stibp" Single Thread Indirect Branch Predictors */
 #define X86_FEATURE_ZEN			( 7*32+28) /* Generic flag for all Zen and newer */
 #define X86_FEATURE_L1TF_PTEINV		( 7*32+29) /* L1TF workaround PTE inversion */

From patchwork Fri Oct 11 21:43:51 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jim Mattson <jmattson@google.com>
X-Patchwork-Id: 13833190
Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com
 [209.85.219.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E08761D1753
	for <kvm@vger.kernel.org>; Fri, 11 Oct 2024 21:44:20 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.219.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1728683062; cv=none;
 b=DmR59Ykj7/7kljPrY2bK8Jm3M3FS9fFk01enMb8CnevN8vXozDpOmeXonWR/qfuQOzXSwKiMi1rfTfCQADWOiKlMq+S2kX5SjOX4asjUWT1xm0GI6jfRDb8SYft7/S2D7CCmplWGLmYkHDo/M0eky9/Hg29GhQx3W6GBqATQ/jE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1728683062; c=relaxed/simple;
	bh=/I8VUdkvAJLQEJj8WKw3N5lQy7af0guee/AI5dqcmnk=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=SrU24w79rCI+m/koe1qmWniIp36n1HpGLKTFHnYTFLT2oNUZeRZQqjSIfpcGCR4a63w/IV/h/cXMdEhUnraNOXdjXur7yySnV9sf+3XYWkp3BGI/OFD1Fca3jrFqEWJc3tQjyb3H96iWN7PVO/Jggyl7apmQH6FqL/qhWujg52U=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=viQ1NERE; arc=none smtp.client-ip=209.85.219.201
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="viQ1NERE"
Received: by mail-yb1-f201.google.com with SMTP id
 3f1490d57ef6-e17bb508bb9so3934805276.2
        for <kvm@vger.kernel.org>; Fri, 11 Oct 2024 14:44:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1728683060; x=1729287860;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=6ReiYQhELm2YErEhhfOQ8zhEV99f32bvRKL1jPZXBWs=;
        b=viQ1NEREgI5h1siaIjSs8guClpel1RcMNwfh58eMeYRhKJEX2DUakmJ9E+Z6KAO+Y7
         vH7fGUaOeh7gMSQY3d3Kv4vecLYlqNqHdQStZ8FhPhSL1Dmxt8MuyuIVU5icV/nwLlZe
         2XHhp35yT41hD5zb+uljrUANMce4ETKmFs0p2ikt32qfQvqRQDg5aSeiADkHXeDIKgeq
         z4wuKTCi/Dof1oVD7JVYS/QvL+0lw+qkrRYoJN+FFxxSY54zD832kRFVGE9lvblu9eJA
         +Qqp8OJ0xfN5rS6sfctOddX0PnXjfAoSX6C4vhw9kziWjzxMc0Wrd1QPYOwyZDlhZiPR
         HhzQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728683060; x=1729287860;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=6ReiYQhELm2YErEhhfOQ8zhEV99f32bvRKL1jPZXBWs=;
        b=J6LofEfi6rQ4aNZ+R6P/oBRIJmEaNB8mRNI34zGPGE9K1cvigujD+IZSl5A5k//rXO
         BhEPL+b394gKdxNQjb4xRcdBPQ/49wrxOEggSOVKC/ITJD/PQVC2W3x8/L458tMOSVf3
         NHQT3lJWGP/EBY4jEyDRUDnawb3wk44+u38QjaIc+AwLHjT4Zb9tr6ajwZ7fKxCXkcoC
         MGMEft7VRY6oPXUMPiOHrj/RbkW4tl34NE6hmaAAjpXsi9lvOIxraTkspTs5plxGrfc9
         t+sjjvmB8oxpZ/dtK6NtxXdL5iyDrqLQhuN6MwjCHdrdhZ+pZG1LqTIfnkGrB0qspSlm
         VuCw==
X-Gm-Message-State: AOJu0YzeWP7YTdZcUu3OJJpSDn1y6LSfUSza9ZD8mupLEGMnluN9l2rT
	qtasA53/z0fxWY8obBJJJO+BVgUSEiDpSRwGb/zOiyIN86/7yfQeuYWNXnVc+1A9V6Wt6ROCcmq
	AM0TTaPUaEaGVoh6/a6tYY6WBlC5KyqzI8QKfMwIkE3ULRkJfQzw/uApJZtMDIpWukjYVmATAAw
	+gDt/4pcTWpbmGSUp5+7dsmgDDlAMbsuk+gxWYwBU=
X-Google-Smtp-Source: 
 AGHT+IFNjTU5JA4y1ucXDSMX706MXDSEHDMsE+i5BoQ5Q0Kts10PVFaN7ZNX1L99lyAXtbkbDoxswNpwL0J9HQ==
X-Received: from loggerhead.c.googlers.com
 ([fda3:e722:ac3:cc00:f3:525d:ac13:60e1])
 (user=jmattson job=sendgmr) by 2002:a25:86d0:0:b0:e25:5cb1:77cd with SMTP id
 3f1490d57ef6-e291a32d32cmr14230276.10.1728683059203; Fri, 11 Oct 2024
 14:44:19 -0700 (PDT)
Date: Fri, 11 Oct 2024 14:43:51 -0700
In-Reply-To: <20241011214353.1625057-1-jmattson@google.com>
Precedence: bulk
X-Mailing-List: kvm@vger.kernel.org
List-Id: <kvm.vger.kernel.org>
List-Subscribe: <mailto:kvm+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:kvm+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241011214353.1625057-1-jmattson@google.com>
X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog
Message-ID: <20241011214353.1625057-3-jmattson@google.com>
Subject: [PATCH v5 2/4] x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
From: Jim Mattson <jmattson@google.com>
To: kvm@vger.kernel.org
Cc: bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com,
	jpoimboe@kernel.org, kai.huang@intel.com, linux-kernel@vger.kernel.org,
	mingo@redhat.com, pawan.kumar.gupta@linux.intel.com, pbonzini@redhat.com,
	sandipan.das@amd.com, seanjc@google.com, tglx@linutronix.de, x86@kernel.org,
	Jim Mattson <jmattson@google.com>,
 Venkatesh Srinivas <venkateshs@chromium.org>,
	Tom Lendacky <thomas.lendacky@amd.com>

AMD's initial implementation of IBPB did not clear the return address
predictor. Beginning with Zen4, AMD's IBPB *does* clear the return
address predictor. This behavior is enumerated by
CPUID.80000008H:EBX.IBPB_RET[bit 30].

Define X86_FEATURE_AMD_IBPB_RET for use in KVM_GET_SUPPORTED_CPUID,
when determining cross-vendor capabilities.

Suggested-by: Venkatesh Srinivas <venkateshs@chromium.org>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
---
 arch/x86/include/asm/cpufeatures.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 644b3e1e1ab6..a222a24677d7 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -348,6 +348,7 @@
 #define X86_FEATURE_CPPC		(13*32+27) /* "cppc" Collaborative Processor Performance Control */
 #define X86_FEATURE_AMD_PSFD            (13*32+28) /* Predictive Store Forwarding Disable */
 #define X86_FEATURE_BTC_NO		(13*32+29) /* Not vulnerable to Branch Type Confusion */
+#define X86_FEATURE_AMD_IBPB_RET	(13*32+30) /* IBPB clears return address predictor */
 #define X86_FEATURE_BRS			(13*32+31) /* "brs" Branch Sampling available */
 
 /* Thermal and Power Management Leaf, CPUID level 0x00000006 (EAX), word 14 */

From patchwork Fri Oct 11 21:43:52 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jim Mattson <jmattson@google.com>
X-Patchwork-Id: 13833191
Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com
 [209.85.210.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1A7DE1D1E6D
	for <kvm@vger.kernel.org>; Fri, 11 Oct 2024 21:44:25 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1728683066; cv=none;
 b=NEpTj7uj11rAWFHRcrhuSEV4wcrzgRTP1qbA4vb0v+VFRSnr+6IFlFZloINM071CD6vxxZphb6E9uAkK22mIMEjDOvRS2UsooX/u2+0oOSpCfcEFCueyI8h+LFwgiThryHF+XU0C/i+38L3Pbq972jsqWQQKHbPETFEyRoDOOUU=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1728683066; c=relaxed/simple;
	bh=FySfe5RrrfJjXgO8V1GOxagEYmAWMeDCEI02fIbT6Cw=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=MzwFJAJCSi0KkBBDfym5QJLZzW7CYD46MMXzOg/O6jMcsu+Eg+hg+sX0pGK5qQ/gyvAfXDcpAJ2ds1IbXgjODxbBK244XnCT6REq/a96n5kZoxCnl3Om3SraN6idlkJDrTMEY1+Hv1xLLQ5sGFB7a9Vsi9grDwah2OJW4Gh7tc0=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=thBO0AqZ; arc=none smtp.client-ip=209.85.210.201
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="thBO0AqZ"
Received: by mail-pf1-f201.google.com with SMTP id
 d2e1a72fcca58-71e00c8adf9so2583094b3a.1
        for <kvm@vger.kernel.org>; Fri, 11 Oct 2024 14:44:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1728683064; x=1729287864;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=7BzS7UcNh/RHQXZP7p5KB3mv/Z/fAaS/j1ugPEdV3OM=;
        b=thBO0AqZixu8eZvOJmX5bvBHP9WbwaqQA/Uxkoug4WgUBceCYLl4Zx0K+hg2gZ3Gd/
         tijqR6j2CONVIS2B8Z0ra4Qc0ByF0Vlm/7OFikECd2KpQGzPub4vCfEaAXjLFAYrE2FB
         F1DABWAXkFxQuCFx1uBJJl+mbvxsGdP/VA2FfgBIPCfi1j5IouUmdkEd31g0WMEBflpz
         PKFDKb21s1mT++tOyXyXP+Hftn1xpTY0BavRFBu67j1jnFaIfyiugOsCgQOFosytExTU
         CLAZUx5FtFx3nhAKP00/LvWDu97x9oIJz5AKtALKapZupV+7Bu4F/WYzCwjiua602ABv
         3dOQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728683064; x=1729287864;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=7BzS7UcNh/RHQXZP7p5KB3mv/Z/fAaS/j1ugPEdV3OM=;
        b=da55RndZG6+a7zpEkJ5Hi0u3+WebIs2QS+nuXn7L+54E3mLqrWLtiS9XswcvPCcCrV
         ia4FzdRo5SahC9mWGpXvpimO9XYadFizZDBWXI6zYQterWrsx00liw+pCYxrWa8QPl6Y
         cHwIUXZA+91unHbccxE/HWXV1b3Yda4TKrhmh+1J3NrjacB3HSRkowiivNQsOAAV4rZs
         GXbuXHEjj5DYHpGy6Cv25QN48KsACf8fGbswpjxQlaGIkkUP0OlOwPO0V4Ie8YPEPgcC
         tPiuwbDWtvnanNOikFzVlOBhtTodP3deJwXzS7WfENuEwgX87GHAu23DCXVj5tVtTIOd
         kfng==
X-Gm-Message-State: AOJu0YxBa8mlzrU0LKaiq1Ro3i5gJvktzK+vQcFsYak7z0VEnk4blokW
	1ZKtIzG8eLaJg6l1VhR3Fq9zlHCFOg3HGb0wrz1zQLHPf0bkC8i7TDoZaEtlLahBF11INnnmtSc
	hmI9lIUG4shUWvbC+AUz9OTvbivnRBwyL1wFRMgfIc5vbOQAoYwLUnuvsNDsnR2u1yD5oKwXFy4
	/OwkmJRvMmfB1jWrKv0xG2mMoH9HUikcqScp5A3do=
X-Google-Smtp-Source: 
 AGHT+IHiuMA0lbrxoSV6pFu0qHQjNnerRePAfG3XsNaL0Dp4l+zOxesosad5IkpAuo20QGe5tFe367ODjHjpUw==
X-Received: from loggerhead.c.googlers.com
 ([fda3:e722:ac3:cc00:f3:525d:ac13:60e1])
 (user=jmattson job=sendgmr) by 2002:a05:6a00:91c1:b0:71d:fe0f:c875 with SMTP
 id d2e1a72fcca58-71e3810af0cmr7016b3a.6.1728683063059; Fri, 11 Oct 2024
 14:44:23 -0700 (PDT)
Date: Fri, 11 Oct 2024 14:43:52 -0700
In-Reply-To: <20241011214353.1625057-1-jmattson@google.com>
Precedence: bulk
X-Mailing-List: kvm@vger.kernel.org
List-Id: <kvm.vger.kernel.org>
List-Subscribe: <mailto:kvm+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:kvm+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241011214353.1625057-1-jmattson@google.com>
X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog
Message-ID: <20241011214353.1625057-4-jmattson@google.com>
Subject: [PATCH v5 3/4] KVM: x86: Advertise AMD_IBPB_RET to userspace
From: Jim Mattson <jmattson@google.com>
To: kvm@vger.kernel.org
Cc: bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com,
	jpoimboe@kernel.org, kai.huang@intel.com, linux-kernel@vger.kernel.org,
	mingo@redhat.com, pawan.kumar.gupta@linux.intel.com, pbonzini@redhat.com,
	sandipan.das@amd.com, seanjc@google.com, tglx@linutronix.de, x86@kernel.org,
	Jim Mattson <jmattson@google.com>, Tom Lendacky <thomas.lendacky@amd.com>

This is an inherent feature of IA32_PRED_CMD[0], so it is trivially
virtualizable (as long as IA32_PRED_CMD[0] is virtualized).

Suggested-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
---
 arch/x86/kvm/cpuid.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 41786b834b16..53112669be00 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -755,7 +755,7 @@ void kvm_set_cpu_caps(void)
 		F(CLZERO) | F(XSAVEERPTR) |
 		F(WBNOINVD) | F(AMD_IBPB) | F(AMD_IBRS) | F(AMD_SSBD) | F(VIRT_SSBD) |
 		F(AMD_SSB_NO) | F(AMD_STIBP) | F(AMD_STIBP_ALWAYS_ON) |
-		F(AMD_PSFD)
+		F(AMD_PSFD) | F(AMD_IBPB_RET)
 	);
 
 	/*

From patchwork Fri Oct 11 21:43:53 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jim Mattson <jmattson@google.com>
X-Patchwork-Id: 13833192
Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com
 [209.85.214.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3CC6A1E2000
	for <kvm@vger.kernel.org>; Fri, 11 Oct 2024 21:44:28 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.214.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1728683069; cv=none;
 b=lflFnvv0kmpJ4OnETwfReHirPt/oGM7BqG93ukSFcmFt/W8vFwi+SCaplkXHMjLXevUpzsVsbHZyrvYoEG3XiJRFXIoFzhaRdSM91A3hywkBeELGYzNYn1h1gTyP2VoSM0ZWWVo956LQOGm8yEfPvKAD6XM9Fs9gzvGLN//RfPI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1728683069; c=relaxed/simple;
	bh=g84dQRvOkmfkJ9fMKPkg7yFI/j/iidv6fqlkrGBROj4=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=oAmdKXta4fxXDLrw71GClwZ8OpfloxkPchWw930a0FtRryFgoHeCGnE9uaaICaC7y36QIWzvnqymILb4k4xoHFg/7OvuzE2CHA2Je/DszE89usEyA7+R9FajwPRVGT/VRC7yJP7qQBMldxmyPLvNRTeNCvHLKJsNuBjlQtMlR38=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=CAHDqFPy; arc=none smtp.client-ip=209.85.214.201
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="CAHDqFPy"
Received: by mail-pl1-f201.google.com with SMTP id
 d9443c01a7336-20c45296b3fso25324055ad.0
        for <kvm@vger.kernel.org>; Fri, 11 Oct 2024 14:44:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1728683067; x=1729287867;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=mwpmJGxchn7b8cfCM3dVFdqHT3Yg0RQpXo/tMqXMwnM=;
        b=CAHDqFPyfnlGQBhQS99n4GaK1uNc1jSSam2QwtQ6bJCY4XMxe1wPmnpgYgJ7Q3rG08
         FFD2lujeiE590dSOMhA8RpLRSsKW2ez5Bu9lO/B9ZiNz2rnWAuX3jKpk3rxDtsp4fsUk
         8biJ7ZRbSwqZbhKzILPQ206Z/0U3/DxOdzRXRwkXTuurkUEAoZBr5o1ij+W8g115HQzB
         AKKeHei7yW2oKVWP1oyQ19heofnjKDiS1pxx3HtDMvAwXUz5KjDg6vBaPSEq04ryUxRA
         pANdPMbLLtp3LSLnXawocvZyRx49V7azSJHJbzl3vHIUSJbuyGg4RTFQ3UDx6Szz1S03
         XZog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728683067; x=1729287867;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=mwpmJGxchn7b8cfCM3dVFdqHT3Yg0RQpXo/tMqXMwnM=;
        b=XUPiKKCRAsg3WO0WmXKPTbu6MbC+WcPuAK1RdWbgYd6cUN2Ks5ClKVxzAt0kukqPRo
         YY9BAWXN+RrCpaQsOeJvG8jom9Gh28Uih4imnumZC61y2rIDN0xOkarZ7RHC1D+ZHIpC
         60RrzrOOPlnMkyOm2z3dtfOQ4rD9x64eVVeJ0C0zwrtch6HVJKsNUabLPeCMvW8TSHep
         hFWh4yccnnxcNchivANlyCzKcf2dmJqgxubWeRNcy1SwgmPlUsQ4uOieZynN0yMPCWE8
         JYa09aqpFibsX/2+Lw9Fa6A8Bz5kM1l88BrirGsUiHRyA+dTCF+puUNo00/s3thhqXi8
         5T0Q==
X-Gm-Message-State: AOJu0YweJ+kSENANjWk1raLJQL6f5w5WwI/oq0gUrfweacgGA4vzJPlf
	SP9rCzrTmn/BPau36zdlYh2una0d5mE2pJgUFHy4sNKDdjPTIG99LmYzcvUvjcPbAMiUl+RkkEc
	ZsOMlH9vorpoin2zccRU1h03N5sFV8IZjz3GO6fZnN9+Zk5eZ5HGdJU74cLOy4RJ19JuYqHPi2q
	vghXAJ7L7VkPakTOwscXNXi8HRvC7MLDYmTmekHoQ=
X-Google-Smtp-Source: 
 AGHT+IE/S6/IuBocPgmULf1WfcyR70lEh9UP0uUwh2OMsuj8NvlIvRc19XBB4ypneCTpUWYMlwcLmYYG+mlRqQ==
X-Received: from loggerhead.c.googlers.com
 ([fda3:e722:ac3:cc00:f3:525d:ac13:60e1])
 (user=jmattson job=sendgmr) by 2002:a17:902:fb44:b0:205:656a:efe8 with SMTP
 id d9443c01a7336-20ca16d0d07mr234905ad.8.1728683066408; Fri, 11 Oct 2024
 14:44:26 -0700 (PDT)
Date: Fri, 11 Oct 2024 14:43:53 -0700
In-Reply-To: <20241011214353.1625057-1-jmattson@google.com>
Precedence: bulk
X-Mailing-List: kvm@vger.kernel.org
List-Id: <kvm.vger.kernel.org>
List-Subscribe: <mailto:kvm+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:kvm+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241011214353.1625057-1-jmattson@google.com>
X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog
Message-ID: <20241011214353.1625057-5-jmattson@google.com>
Subject: [PATCH v5 4/4] KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB
From: Jim Mattson <jmattson@google.com>
To: kvm@vger.kernel.org
Cc: bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com,
	jpoimboe@kernel.org, kai.huang@intel.com, linux-kernel@vger.kernel.org,
	mingo@redhat.com, pawan.kumar.gupta@linux.intel.com, pbonzini@redhat.com,
	sandipan.das@amd.com, seanjc@google.com, tglx@linutronix.de, x86@kernel.org,
	Jim Mattson <jmattson@google.com>,
 Venkatesh Srinivas <venkateshs@chromium.org>

From Intel's documention [1], "CPUID.(EAX=07H,ECX=0):EDX[26]
enumerates support for indirect branch restricted speculation (IBRS)
and the indirect branch predictor barrier (IBPB)." Further, from [2],
"Software that executed before the IBPB command cannot control the
predicted targets of indirect branches (4) executed after the command
on the same logical processor," where footnote 4 reads, "Note that
indirect branches include near call indirect, near jump indirect and
near return instructions. Because it includes near returns, it follows
that **RSB entries created before an IBPB command cannot control the
predicted targets of returns executed after the command on the same
logical processor.**" [emphasis mine]

On the other hand, AMD's IBPB "may not prevent return branch
predictions from being specified by pre-IBPB branch targets" [3].

However, some AMD processors have an "enhanced IBPB" [terminology
mine] which does clear the return address predictor. This feature is
enumerated by CPUID.80000008:EDX.IBPB_RET[bit 30] [4].

Adjust the cross-vendor features enumerated by KVM_GET_SUPPORTED_CPUID
accordingly.

[1] https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/cpuid-enumeration-and-architectural-msrs.html
[2] https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/speculative-execution-side-channel-mitigations.html#Footnotes
[3] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1040.html
[4] https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/programmer-references/24594.pdf

Fixes: 0c54914d0c52 ("KVM: x86: use Intel speculation bugs and features as derived in generic x86 code")
Suggested-by: Venkatesh Srinivas <venkateshs@chromium.org>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 arch/x86/kvm/cpuid.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 53112669be00..d695e7bc41ed 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -690,7 +690,9 @@ void kvm_set_cpu_caps(void)
 	kvm_cpu_cap_set(X86_FEATURE_TSC_ADJUST);
 	kvm_cpu_cap_set(X86_FEATURE_ARCH_CAPABILITIES);
 
-	if (boot_cpu_has(X86_FEATURE_IBPB) && boot_cpu_has(X86_FEATURE_IBRS))
+	if (boot_cpu_has(X86_FEATURE_AMD_IBPB_RET) &&
+	    boot_cpu_has(X86_FEATURE_AMD_IBPB) &&
+	    boot_cpu_has(X86_FEATURE_AMD_IBRS))
 		kvm_cpu_cap_set(X86_FEATURE_SPEC_CTRL);
 	if (boot_cpu_has(X86_FEATURE_STIBP))
 		kvm_cpu_cap_set(X86_FEATURE_INTEL_STIBP);
@@ -763,8 +765,12 @@ void kvm_set_cpu_caps(void)
 	 * arch/x86/kernel/cpu/bugs.c is kind enough to
 	 * record that in cpufeatures so use them.
 	 */
-	if (boot_cpu_has(X86_FEATURE_IBPB))
+	if (boot_cpu_has(X86_FEATURE_IBPB)) {
 		kvm_cpu_cap_set(X86_FEATURE_AMD_IBPB);
+		if (boot_cpu_has(X86_FEATURE_SPEC_CTRL) &&
+		    !boot_cpu_has_bug(X86_BUG_EIBRS_PBRSB))
+			kvm_cpu_cap_set(X86_FEATURE_AMD_IBPB_RET);
+	}
 	if (boot_cpu_has(X86_FEATURE_IBRS))
 		kvm_cpu_cap_set(X86_FEATURE_AMD_IBRS);
 	if (boot_cpu_has(X86_FEATURE_STIBP))